Uber Speeds Off with Riders’ Personal Information

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Uber Speeds Off with Riders’ Personal Information

The Federal Trade Commission recently announced a settlement with Uber addressing charges against the ride-sharing company for deceiving consumers by failing to monitor employee access to consumer personal information and by failing to reasonably secure sensitive consumer data stored in the cloud. In its complaint, the FTC alleged that the San Francisco-based firm failed to live up to its claims that it had deployed reasonable measures to secure personal information stored on a third-party cloud to prevent and monitor employees from gaining access to consumers and other drivers sensitive information.

Uber stated it used a well-known third-party cloud storage service to maintain large amounts of sensitive information, including back-ups of its massive rider and driver databases. If consumers expressed reluctance to provide personal data, customer service reps eased their concerns by promising that Uber was “extra vigilant” and that their information “will be stored safely and used only for purposes you’ve authorized. From August 2015 until May 2016, Uber ignored alerts concerning the possible misuse of consumers’ personal information.

In May 2014, an intruder used an access key an Uber engineer had publicly posted on a code-sharing site to access the names and driver’s license numbers of 100,000 Uber drivers, as well as some bank account information and Social Security numbers. The FTC claims Uber didn’t discover the breach for almost four months. The proposed settlement prohibits Uber from misrepresenting its privacy and security practices. It also requires Uber to put a comprehensive privacy program in place and to get independent third-party audits every two years for the next 20 years. You can file a public comment about the settlement until September 15, 2017.

If you believe that you have been a victim of fraud or identity theft:

Contact the three Credit Reporting agencies – Transunion, Equifax, and Experian – to place a fraud alert on all your account. This should also be done for the student as well, since their Social Security Number is also at risk.

Notify your bank and credit card companies of your situation.

If you normally do online banking or manage your credit card accounts online, place alerts on each account so that you will be notified by email or text of any transaction, based on the parameters you set.